Hi Cameron, > does it for old style crypt() passwords. There should be equivalent code > for the MD5 stuff. The only thing you've missed is that most of these > things use a salt, kept with the hash, to make sure that if two people > have the same password, their hashes _aren't_ the same.
I've been trying out this script I found on the net (with a couple of lines I added for debug). It is supposed to list all users found with a password that matches the first parameter. #!/usr/bin/perl -w #test a plain text password. If no login is provided, returns #the logins of users with that password, and false if no match? #If a login is provided, returns true if the password #is the password of that login, false and a warning if user not existing #or the password is x, and a warning if the account is disabled. use lib "/usr/lib/perl5/site_perl/5.6.0"; use Crypt::PasswdMD5; unless (@ARGV){print STDERR "usage:$0 [passwd] [login]\n"; die} my $passwd=shift; my $login=""; if (@ARGV){ $login=shift @ARGV; } my @result=(); my @ passwdEntry = (); my ($user,$pwd); while (($user, $pwd) = getpwent){ $enc = Crypt::PasswdMD5::unix_md5_crypt($passwd,$pwd); print "$user, $pwd, $enc\n"; if ($login and ($login eq $user)){ if ($pwd eq 'x'){ print STDERR "you have no access to the password\n"; exit 1; } if ($pwd =~ s/^\!//){ print STDERR "warning: account locked\n"; } exit (! (Crypt::PasswdMD5::unix_md5_crypt($passwd,$pwd) eq $pwd)) ; } elsif ((! $login) and (Crypt::PasswdMD5::unix_md5_crypt($passwd,$pwd) eq $pwd)) { print "success\n"; push @result, $user; } } if ($login){print STDERR "No such login name: $login\n";} if (@result){print "@result\n";} exit ! (@result); and I am getting output like: user1, z3Lu.fGQIIKz2, $1$z3Lu.fGQ$yrlYizBt7HUDqmJq5dXNC1 user2, 0pF2M.FIukAWo, $1$0pF2M.FI$XYSqmC0jTzXoUY5dtHpz5/ user3, OMyao/at64nVk, $1$OMyao/at$WIQwz4g28Qs5GbakAps1s/ The result returned from Crypt::PasswdMD5::unix_md5_crypt is much longer than the $pwd variable returned by getpwent. The 8 chars between the 2nd and 3rd $ are ALWAYS equal to the $pwd variable. Any ideas how to proceed from here? -- Regards, +-----------------------+---------------------------------+ | Peter Kiem | E-Mail : <[EMAIL PROTECTED]> | | Zordah IT | Mobile : +61 0414 724 766 | | IT Consultancy & | WWW : www.zordah.net | | Internet Hosting | ICQ : "Zordah" 866661 | +-----------------------+---------------------------------+ _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list